Validate Authenticode
SecureBlackbox offers a component, TElAuthenticodeManager, for validating signatures made over executable (.exe and .dll) files. A typical validation procedure consists of the following steps:
    TElAuthenticodeManager manager = new TElAuthenticodeManager();
    bool signed = manager.Open(@"C:\bin\program.exe");
Open() returns true if the file is signed (i.e. contains at least one Authenticode signature), and false otherwise. If the file cannot be opened or an error occurred while parsing the Authenticode block, an exception is thrown containing one of the error codes.
    // Walk every Authenticode signature found in the file
    for (int i = 0; i < manager.SignatureCount; i++)
    {
        TElAuthenticodeSignature signature = manager.get_Signatures(i);
        Console.WriteLine("Signature #{0}: {1} (url: {2})", signature.Index, signature.Description, signature.URL);
        // The conditional must be parenthesized as a whole; otherwise "+" binds first and the code does not compile
        Console.WriteLine("Signer: " + ((signature.SigningCertificate == null) ? "UNKNOWN" : signature.SigningCertificate.SubjectName.CommonName));
        if (signature.Timestamp != null)
        {
            if (signature.Timestamp.TimestampType == TSBAuthenticodeTimestampType.actTrusted)
                Console.WriteLine("RFC3161 timestamp detected: " + signature.Timestamp.SigningTime.ToLongDateString());
            else
                Console.WriteLine("Legacy timestamp detected: " + signature.Timestamp.SigningTime.ToLongDateString());
        }
        if (signature.Validity == TSBAuthenticodeValidity.acvValid)
            Console.WriteLine("Signature is valid");
        else
            Console.WriteLine("Verification failed, error " + signature.Validity.ToString());
    }
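    // 'signature' is a TElAuthenticodeSignature obtained as in the loop above
    for (int j = 0; j < signature.Certificates.Count; j++)
    {
        // Index with j so that each certificate is listed, not the first one repeatedly
        TElX509Certificate certificate = signature.Certificates.get_Certificates(j);
        Console.WriteLine("Certificate #{0}: {1}", j, certificate.SubjectRDN.SaveToDNString());
    }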
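
An added example, not taken from the SecureBlackbox documentation: a fail-closed trust check built only from the members used in the snippets above, turning the printed results into an accept/reject decision. The SBAuthenticode namespace, the AuthenticodeGate and IsTrusted names, and the policy itself (pinning the signer's common name, optionally requiring an RFC3161 timestamp) are assumptions.

```csharp
using System;
using SBAuthenticode; // assumed namespace of the Authenticode classes

static class AuthenticodeGate // hypothetical helper, not part of SecureBlackbox
{
    // True only if the file is signed, every signature verifies, and every
    // signer CN equals expectedSignerCN. Any other outcome fails closed.
    public static bool IsTrusted(string path, string expectedSignerCN,
                                 bool requireRfc3161, out string reason)
    {
        TElAuthenticodeManager manager = new TElAuthenticodeManager();
        try
        {
            if (!manager.Open(path) || manager.SignatureCount == 0)
            {
                reason = "file is not signed";
                return false;
            }
        }
        catch (Exception e)
        {
            // Unreadable file or malformed Authenticode block: reject.
            reason = "cannot open or parse: " + e.Message;
            return false;
        }
        for (int i = 0; i < manager.SignatureCount; i++)
        {
            TElAuthenticodeSignature sig = manager.get_Signatures(i);
            reason = null;
            if (sig.Validity != TSBAuthenticodeValidity.acvValid)
                reason = "signature #" + i + ": " + sig.Validity.ToString();
            else if (sig.SigningCertificate == null)
                reason = "signature #" + i + ": signer unknown";
            // A CN match is only as strong as the trust in the certificate;
            // this page does not say whether Validity covers chain trust.
            else if (sig.SigningCertificate.SubjectName.CommonName != expectedSignerCN)
                reason = "signature #" + i + ": unexpected signer";
            else if (requireRfc3161 && (sig.Timestamp == null ||
                     sig.Timestamp.TimestampType != TSBAuthenticodeTimestampType.actTrusted))
                reason = "signature #" + i + ": no RFC3161 timestamp";
            if (reason != null)
                return false;
        }
        reason = "ok";
        return true;
    }
}
```

Rejecting on the first failing signature, rather than accepting when any one signature is valid, keeps a file with one good and one broken signature from passing the check.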